If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

W32/Yaha.E is a modification of Worm/Lentin (Valentine.scr), an
Internet worm that spreads by retrieving e-mail addresses from
the Windows Address Book, as well as, from addresses found in
cached webpages. In addition, to these methods, W32/Yaha.E also
can spread through contacts it finds in the MSM Messanger and the
ICQ database list.

It scans all files with the extension HTM, HTML and HTA

This variant arrives as another friendship screen saver

The subject is randomly selected from a pre-determined list

The name of the Attachment begins with one of the following names:
loveletter
resume
love
weeklyreport
goldfish
report
mountan
biodata
dailyreport
lovegreetings
shakingfriendship

If executed, the worm copies itself in the \Recycled\ directory
under a random filename (ie. "kiek.exe". Additionally, a text
file (using the same random characters) is also created in the
/windows/ directory. This text file contains the following:

W32.HLLW.Kazmor is a worm that has backdoor Trojan capability, which allows a hacker to gain control of the compromised computer. W32.HLLW.Kazmor spreads across a local network using shared drives. The worm also attempts to spread across KaZaA file-sharing networks.

The worm disguises itself as movies, games, or porno-related programs, or as software files to trick KaZaA users into downloading the program and opening it. W32.HLLW.Kazmor is written in the Borland Delphi programming language.

Backdoor.NetControle is a Trojan horse that allows a hacker to remotely control an infected computer. It is written in the Visual Basic programming language. It will listen for connections on TCP/UDP port 1772.

NOTE: Virus definitions dated prior to June 20, 2002, may detect this threat as Backdoor.Trojan.

Number of infections: 0 - 49
Number of sites: More than 10
Geographical distribution: Low
Threat containment: Easy
Removal: Easy

W32.Kwbot.Worm has backdoor Trojan capability, which allows a hacker to gain control of the compromised computer. The worm can update itself by checking for newer versions over the Internet. W32.Kwbot.Worm disguises itself as popular movie, game, or software files, and it attempts to spread across KaZaA file-sharing networks by tricking KaZaA users into downloading the program and opening it.

According to F-Secure, the Benjamin worm spreads only to and from computers that have the KaZaa network clients software installed

which is fair enough. But the MP3 downloads I get are from grokster which also downloads from KaZaa users, without me having installed KaZaa, so does that mean I could get it? I mean it sounds like obviously yes, I would, but I don't like assuming stuff and because it doesn't say I wondered if you knew? Although from what I have read the virus only replicates the most popular downloads, none of which would constitute my collection...!

Uhm... how are these so new and unique that: "6 mth old Defs won't cut it!"?

probably not a well worded subject.. i must admitt.

From my experience .. If you haven't updated your "Defs" for six months or more, you probably haven't even run a full scan of you system. Let alone letting the AV use heuristics during its scanns/ or during "auto protect".. or even bother with any security measures..

What do you mean my computer has a virus?!!!

is the common reply from my clients
and this is the usual justification..

my computer came with a virus programm

and the clincher

when i bought it 3 years ago

so if you fall into that group.. six month old defs won't cut it...

Cheers

"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

I try not to realize the harsh fact that people out there think that just because they have NAV or some other anti-virus installed that it protects against everything forever. Automated updates for these people are a must, as they don't know, and haven't found out, that they need to update them weekly.

We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.